How Microsoft’s Secure Future Initiative Leverages AI to Transform Software Development

Key Takeaways:

  • Microsoft’s Secure Future Initiative (SFI) aims to bolster cybersecurity capabilities and protect customers from emerging threats.
  • Microsoft is embracing “Continuous SDL,” a new software development approach that integrates security measures throughout the development, testing, deployment, and operation phases.
  • Microsoft is leveraging tools like CodeQL for semantic code analysis to identify and address security risks.

Last November, Microsoft introduced its Secure Future Initiative (SFI) to deal with cybersecurity threats. The company announced today the launch of a regular series to track the milestones and progress of the SFI, demonstrating a commitment to transparency and resilience.

The Microsoft Secure Future Initiative is a comprehensive effort to bolster security capabilities and protect customers from emerging threats. The company-wide initiative focuses on three areas: AI-based cyber defenses, advances in fundamental software engineering, and advocacy for strong application of international norms to protect civilians from cyber threats.

In a blog post today, Microsoft detailed that it has decided to move towards a new software development approach called “Continuous SDL.” This method will continuously integrate the latest security measures as the company develops, tests, deploys, and operates its systems and services.

As a part of its Continuous SDL effort, Microsoft will use the CodeQL semantic code analysis engine to check code across 100 percent of commercial products. The CodeQL tool is designed to identify security risks and vulnerabilities within the source code. Microsoft has started using CodeQL to cover 86 percent of the Azure DevOps code repositories from its commercial businesses.

“We are expanding this further and anticipate that completing the consolidation process of the last 14% will be a complex, multi-year journey due to specific code repositories and engineering tools requiring additional work. In 2023, we onboarded more than one billion lines of source code to CodeQL which highlights our commitment towards progress,” said Bret Arsenault, CVP, Chief Cybersecurity Advisor.


Microsoft Secure Future Initiative enhances identity protection against sophisticated cyberattacks

Microsoft has also announced the integration of Microsoft Authentication Library (MSAL) into Microsoft 365 across various operating systems such as macOS, Windows, Android, and iOS. This feature allows users to utilize a consistent authentication method across all Microsoft Office apps.

Additionally, Microsoft emphasized that MSAL is used to handle over 99% of internal service-to-service authentication requests. This approach enhances security and makes it more difficult for intruders and malicious actors to compromise systems. Moreover, Microsoft donated $1 million to the Rust Foundation in December 2023. The company is also allocating an extra $3.2 million to the Alpha-Omega project to support security improvements in open-source software projects crucial to global infrastructure.

Later this year, Microsoft plans to implement an automated mechanism for managing Entra ID and Microsoft Account (MSA) keys. The process should enhance security by facilitating rapid rotation and secure storage of keys within Hardware Security Modules (HSMs). Additionally, Microsoft intends to shift its popular apps to standard identity libraries in late 2024.

Microsoft has pledged to provide more details on its efforts to implement new technologies and form stronger partnerships to adapt to the constantly changing cybersecurity landscape. You can learn more about the Microsoft Secure Future Initiative on the official website.